We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 94d623c commit 36253a7Copy full SHA for 36253a7
1 file changed
Bugzilla/Template.pm
@@ -713,12 +713,13 @@ sub create {
713
},
714
715
# In CSV, quotes are doubled, and any value containing a quote or a
716
- # comma is enclosed in quotes. If a field starts with an equals
717
- # sign, it is proceed by a space.
+ # comma is enclosed in quotes.
+ # If a field starts with either "=", "+", "-" or "@", it is preceded
718
+ # by a space to prevent stupid formula execution from Excel & co.
719
csv => sub
720
{
721
my ($var) = @_;
- $var = ' ' . $var if substr($var, 0, 1) eq '=';
722
+ $var = ' ' . $var if $var =~ /^[+=@-]/;
723
# backslash is not special to CSV, but it can be used to confuse some browsers...
724
# so we do not allow it to happen. We only do this for logged-in users.
725
$var =~ s/\\/\x{FF3C}/g if Bugzilla->user->id;
0 commit comments